Secure communication based on noisy input data ... › courses › ss11 › noisy ›...

Secure communication based on noisy input dataPhysically unclonable functions

Stephan Sigg

June 28, 2011

Physical random functions Controlled Physical random functions CPUF API Conclusion

Overview and Structure

05.04.2011 Organisational

15.04.2011 Introduction

19.04.2011 Classification methods (Basic recognition, Bayesian, Non-parametric)

26.04.2011 Classification methods (Linear discriminant, Neural networks)

03.05.2011 Classification methods (Sequential, Stochastic)

10.05.2011 Feature extraction from audio data

17.05.2011 Feature extraction from the RF channel

24.05.2011 Fuzzy Commitment

31.05.2011 Fuzzy Extractors

07.06.2011 Error correcting codes

21.06.2011 Entropy

28.06.2011 Physically unclonable functions

Stephan Sigg | Secure communication based on noisy input data | 2


Outline

Physical random functions

Controlled Physical random functions

CPUF API

Conclusion




Physical random functions / Physically unclonable functions:Random functions that can only be evaluated with the help of aphysical system

DefinitionA PUF is a random function that can only be evaluated with the help ofa specific physical system. The inputs to a physical random function arechallenges and the outputs are responses.




Digital PUFs Simplest kind of PUF. Digital key K is embedded in atamper-proof package along with some logic thatcomputes

Response = RF (K ,Challenge)

for some random function RF




Optical PUFs Made of transparent optical medium containing bubbles.Shining a laser beam through the medium producesspeckle pattern (response) that depends on exactposition/direction of incoming beam.




Silicon PUFs Challenge is an input to a circuit that reconfigures thepath that signals follow through the circuit. Response isrelated to the time it takes for signals to propagatethrough a complex circuit.




Security of PUFs relies on difficulty of extracting all necessaryparameters from a complex physical system

Attacker trying to extract all physical parameters might modify thePUF in the process

This makes PUFs tamper resistant to some extend




PUF implementations build on random manufacturing variations(bubble position or exact wire delays):Exact behaviour is a mystery even for the manufacturer

Not feasible to create two identical copies of a PUF

A difficulty of optical and silicon PUFs is that their output is noisy

Error correction that does not compromise the security is required1

1G.E. Suh, C.W. O’Donnell, I. Sachdev, S. Devadas, Design and implementation of the AEGIS single-chip secure

processor using physical random functions, Proceedings of the 32nd Annual International Symposium of computerArchitecture, 2005




Standard application: Key-card2

Lock stores a database of challenge response pairs (CRPs) for PUF

When the bearer of the PUF wants to open the lock, it selects achallenges it knows and asks the PUF for the corresponding response

Each CRP can be used only once : Card will eventually run out of PUFs

2R. Pappu, Physical One-Way Functions, PhD thesis, MIT, 2001



Outline



CPUF API

Conclusion




DefinitionControlled physical random function (CPUF):PUF that can only be accessed through specific API

Main problem with uncontrolled PUFs: Anybody can query the PUF forthe response to any challenge

In order to engage in cryptography with a PUF device, a user has toexploit the fact that only he and the device know the response to aspecific challenge.




Third party could try to overhear challenge, obtain response from PUFand spoof the device

Problem: Adversary can freely query the PUF

By using CPUFs, Access to PUF restricted by control algorithm thatprevents this attack

Embedding control logic for PUF in physical system of PUF makes itdifficult to conduct invasive attacks on the control logic




The PUF and its control logic have complementary roles

The PUF protects the control logic from invasive attacks

The control logic protects the PUF from protocol attacks




Applications for CPUFsApplications for CPUFs include applications that require singlesymmetric key on a chip

Smartcards that implement authentication:Current smart-cards: Hidden digital keys can be extracted usingvarious attacks

PUF on the smartcard: Can authenticate chip – Digital key notrequired (Smartcard hardware itself is the secret key)

Key can not be duplicated: Person that temporary looses control ofcard need not fear that an adversary might have cloned the card orthat the security became somehow impaired.



Outline



CPUF API

Conclusion



CPUF API

CPUF typically modelled as general-purpose processing element withaccess to a PUF

Man-in-the-Middle Attack:Adversary intercepts communication to device wants Alice to acceptincorrect result as coming from device

Alice would execute the following protocol



CPUF API

Alice would execute the following protocol

1 Pick one CRP (Char, Response) at random

2 Execute the following function on the PUF:

1: GetAuthenticBroken(Chal){2: my Resp = PUF(Chal);3: // Do some computation, produce result4: return (Result, MAC(Result, Resp));5: }

3 Use the MAC and Response to check that the data is authentic



CPUF API

Protocol is not secure against Man-in-the-Middle attacks

Attacker could

1 Intercept message send to GetAuthenticBroken and extract Chal

2 Execute on the PUF:

1: StealResponse(Chal){2: return (PUF(Chal));3: }

3 Forward Alice the message MAC(FakeResult, Response)

4 Since the MAC was computed with the correct response, Aliceaccepts FakeResult



CPUF API

Problem: When Alice releases her challenge, Adversary can ask PUF forcorresponding response and impersonate PUF

Problem persists as long as the PUF freely provides responses



CPUF API

GetSecretTo solve this problem:PUF shall only be accessed via callGetSecret(Chal)=Hash(PHashReg, PUF(Chal))

PUF reveals combination of response and executed program instead ofresponse

Since the Hash is a one-way function: Response not recovered easily



CPUF API

GetSecretWe alter the call of Alice accordingly:

1: GetAuthenticBroken(Chal){2: hashblock()({// HB3: // Do some computation, produce result4: });5: my Secret = GetSecret(Chal);6: return (Result, MAC(Result, Secret));7: }



CPUF API

GetSecretAlice can now compute Secret from Response by computingHash(PHash(HB),Response) to check the MAC

An adversary has no way of obtaining Secret



CPUF API

GetCRPHowever, the solution presented may be too restrictive for Alice also

With no CRP:No way for Alice to obtain one in the first place:Device never reveals response

Possible solution: Primitive called GetCRP that

1 Picks a random challenge

2 Computes the response

3 Returns the response to the caller

When space of challenges large enough:Unlikely that attacker can compute CRPs identical to Alice’s



CPUF API

GetResponseProblem: Random number generators often vulnerable to attacks

Therefore: Might prefer alternative that not relies on a RNG that much

Replace GetCRP by GetResponse()=PUF(PHashReg)

Now: Anybody can generate CRP (PHashReg,GetResponse())

But: Due to hash function, nobody can generate specific CRP



CPUF API

GetResponse



CPUF API

GetResponseMan-in-the-Middle attack is prevented since each user has his own CRPs

Challenges can be public, but responses are required to be private

When not told the secret and GSH not leaks information, adversary canonly obtain secret by hashing appropriate response

No way for adversary to obtain this response

Therefore:Man-in-the-Middle attacks are prevented since PUF accessed onlythrough GetSecret and GetResponse.



CPUF API

Challenge response pair managementHow to get the response to the legitimate user?The following sequence is proposed for CRP management

After manufacturing manufacturer gets device-CRP withBootstrap

Manufacturer uses Introduction to provide CRPs to certificationauthorities

Certification authorities provide CRPs to end users

Anybody in possession of a CRP can create new CRPs by Renew



CPUF API

Bootstrapping

1 Pick a pre-challenge PreChal at random

2 Execute

1: Bootstrap(PreChal){2: hashblock(PreChal)({3: Return GetResponse();4: });5: }

3 The challenge for the CRP is obtained by calculating PHash(HB)

If PreChal is not known, the security relies on the hash function



CPUF API

Renewal

1 Pick a pre-challenge PreChal at random

2 By using an old challenge OldChal, execute

1: Renew(OldChal, PreChal){2: hashblock(OldChal, PreChal)({3: my NewResponse = GetResponse();4: my Secret = GetSecret(OldChal);5: return Encrypt(NewResponse, Secret);//Key:Secret6: });7: }

3 Compute Hash(PHash(HB), OldResponse) to calculate Secret,check the MAC with it and retrieve NewResponse



CPUF API

RenewalWhen the response corresponding to OldChal is only known to theuser, the method is secure.



CPUF API

IntroductionProvide user with CRP

Assumption:Trusted channel between user and certifier



CPUF API

Introduction

1 Cert. authority picks (OldChal, OldResponse), computesSecret=Hash(PHash(HB), OldResponse) and returns (OldChal, Secret)

2 User picks pre-challenge PreChal at random and executes

1: Introduction(OldChal, PubKey, PreChal){2: hashblock(PubKey, PreChal)({3: my NewResponse = GetResponse();4: my Message = PublicEncrypt(NewResponse, PubKey);5: my Secret’ = GetSecret(OldChal);6: Return (Message, MAC(Message, Secret’));7: });8: }

3 User checks MAC with Secret. (Secret=Secret’ since both are computed asHash(PHash(HB), OldResponse)). User Decrypts Message and computesPHash(HB) to obtain Response and Challenge



Outline



CPUF API

Conclusion


Questions?

Stephan [email protected]



Literature

C.M. Bishop: Pattern recognition and machine learning, Springer, 2007.

P. Tulys, B. Skoric, T. Kevenaar: Security with Noisy Data – On privatebiometrics, secure key storage and anti-counterfeiting, Springer, 2007.

W.W.Peterson, E.J. Weldon, Error-Correcting Codes, MIT press, 1972.

R.O. Duda, P.E. Hart, D.G. Stork: Pattern Classification, Wiley, 2001.


Date post:	04-Jul-2020
Category:	Documents
Upload:	others
View:	6 times
Download:	0 times

Secure communication based on noisy input data ... › courses › ss11 › noisy ›...

Documents